policy-20051114.patch from dan

2005-12-06 15:23:59 +00:00 · 2005-12-06 15:23:59 +00:00 · 3c8f6b1af8
commit 3c8f6b1af8
parent ffd04848e2
4 changed files with 7 additions and 7 deletions
--- a/refpolicy/policy/modules/admin/rpm.te
+++ b/refpolicy/policy/modules/admin/rpm.te
@ -201,9 +201,6 @@ optional_policy(`nis',`
 ')

 ifdef(`TODO',`
-# cjp: this seems way out of place
-role sysadm_r types initrc_t;
-
 # read/write/create any files in the system
 dontaudit rpm_t domain:{ socket unix_dgram_socket udp_socket unix_stream_socket tcp_socket fifo_file rawip_socket packet_socket } getattr;
 allow rpm_t ttyfile:chr_file unlink;
--- a/refpolicy/policy/modules/services/dbus.te
+++ b/refpolicy/policy/modules/services/dbus.te
@ -1,5 +1,5 @@

-policy_module(dbus,1.0)
+policy_module(dbus,1.0.1)

 gen_require(`
 	class dbus { send_msg acquire_svc };
@ -30,7 +30,7 @@ files_pid_file(system_dbusd_var_run_t)

 # dac_override: /var/run/dbus is owned by messagebus on Debian
 # cjp: dac_override should probably go in a distro_debian
-allow system_dbusd_t self:capability { dac_override setgid setuid };
+allow system_dbusd_t self:capability { dac_override setgid setpcap setuid };
 dontaudit system_dbusd_t self:capability sys_tty_config;
 allow system_dbusd_t self:process { getattr signal_perms };
 allow system_dbusd_t self:fifo_file { read write };
--- a/refpolicy/policy/modules/system/authlogin.te
+++ b/refpolicy/policy/modules/system/authlogin.te
@ -1,5 +1,5 @@

-policy_module(authlogin,1.0.1)
+policy_module(authlogin,1.0.2)

 ########################################
 #
@ -278,6 +278,7 @@ dev_read_urand(system_chkpwd_t)
 fs_dontaudit_getattr_xattr_fs(system_chkpwd_t)

 term_dontaudit_use_unallocated_tty(system_chkpwd_t)
+term_dontaudit_use_generic_pty(system_chkpwd_t)

 corecmd_search_sbin(system_chkpwd_t)

--- a/refpolicy/policy/modules/system/logging.te
+++ b/refpolicy/policy/modules/system/logging.te
@ -1,5 +1,5 @@

-policy_module(logging,1.0.1)
+policy_module(logging,1.0.2)

 ########################################
 #
@ -69,7 +69,9 @@ allow auditctl_t etc_t:file { getattr read };
 allow auditctl_t auditd_etc_t:file r_file_perms;

 kernel_read_kernel_sysctl(auditctl_t)
+kernel_read_proc_symlinks(auditctl_t)

+domain_read_all_domains_state(auditctl_t)
 domain_use_wide_inherit_fd(auditctl_t)

 init_use_script_pty(auditctl_t)